
Google re-direct and other related viruses.


  • This topic is locked
43 replies to this topic

#1 Acer17

Acer17

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:41 AM

Posted 25 March 2012 - 09:30 PM

Hello all! Ok, so it's apparent I have malware on my Windows 7 64-bit laptop. After re-installing AVG ANTI VIRUS 2012, the AVG shield states these 2 infections: (first image) for how this alert looks along with its infected contents is located here: http://tinypic.com/r/9abtjn/5

I'm currently running Malwarebytes anti-malware. Which is scanning, but hasn't found anything yet.

Recently I had been having trouble with the google re-direct virus, which I'm sure is the culprit for the trojans found on my computer.
About 3 days ago I installed AVG anti-virus 2012. (second image) for how this alert looks along with its infected contents is located here: http://tinypic.com/r/28ajndy/5

As you can see, it detected 2 viruses in the system32 file, which is required to boot up windows. Not knowing I wouldn't be able to boot back
into windows again if this file had been removed, I sent it to the quarantine along with the other listed viruses in the image.

So as you know when a system32 file is deleted and you can't boot back into the system, as an option on windows 7 (well not really considering it's the ONLY way to get back in), system restore is given.

I restored my system at the boot menu, which went back to a time before AVG ANTI-VIRUS 2012 had been configured on to my system.

Looking at the 1st image, you can see one of the exact files and its location (windows\assembly\gac_64) was detected in the AVG scan BEFORE (2nd image) the restore/system boot fail... So I'm pretty sure because the system rolled back into an infected state, the other same viruses in the 2nd image will be found again soon.

Kindly take note: The 1st image is of today, 3/25/12, which is the day I re-installed AVG and received the notice via Resident Shield. After you've gone to the image location, clicking on each image will enlarge them.

Attached File  1st image.JPG   28.72KB   3 downloads
Attached File  2nd image.JPG   49.27KB   3 downloads

MY DDS:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Ivee at 23:20:47 on 2012-03-25
.
============== Running Processes ===============
.
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files (x86)\ooVoo\ooVoo.exe
C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Boingo\Boingo Wi-Finder\Boingo Wi-Finder.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\AVG\AVG2012\avgui.exe
C:\Users\Ivee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TDDT0JY2\Defogger.exe
C:\Users\Ivee\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
uRun: [ManyCam] "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent
mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
mRun: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
mRun: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
mRun: [YSearchProtection] "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Boingo Wi-Finder] "C:\Program Files (x86)\Boingo\Boingo Wi-Finder\Boingo.lnk"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{25B43BE2-156C-41BE-82C5-21FD7D02B0DA} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{CBCDC8CB-860C-4571-99DD-F1A906C473DE} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{CBCDC8CB-860C-4571-99DD-F1A906C473DE} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CBCDC8CB-860C-4571-99DD-F1A906C473DE}\2456C6B696E6E233333454 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{CBCDC8CB-860C-4571-99DD-F1A906C473DE}\34C656675627D4F6F63756D27657563747 : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{CBCDC8CB-860C-4571-99DD-F1A906C473DE}\35564786 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{CBCDC8CB-860C-4571-99DD-F1A906C473DE}\C696E6B6379737 : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
AppInit_DLLs:
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: FDMIECookiesBHO Class: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
mRun-x64: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
mRun-x64: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
mRun-x64: [YSearchProtection] "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Boingo Wi-Finder] "C:\Program Files (x86)\Boingo\Boingo Wi-Finder\Boingo.lnk"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
AppInit_DLLs-X64:
Hosts: 69.72.252.254 www.google-analytics.com.
Hosts: 69.72.252.254 ad-emea.doubleclick.net.
Hosts: 69.72.252.254 www.statcounter.com.
Hosts: 184.95.41.155 www.google-analytics.com.
Hosts: 184.95.41.155 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R? AVGIDSEH;AVGIDSEH
R? esgiguard;esgiguard
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? MBAMProtector;MBAMProtector
R? MBAMService;MBAMService
R? McAfee SiteAdvisor Service;McAfee SiteAdvisor Service
R? mferkdk;McAfee Inc. mferkdk
R? mfesmfk;McAfee Inc. mfesmfk
R? NTIBackupSvc;NTI Backup Now 5 Backup Service
R? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
R? RtsUIR;Realtek IR Driver
R? TsUsbFlt;TsUsbFlt
R? WatAdminSvc;Windows Activation Technologies Service
S? AMD External Events Utility;AMD External Events Utility
S? AVGIDSAgent;AVGIDSAgent
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSFilter;AVGIDSFilter
S? Avgldx64;AVG AVI Loader Driver
S? Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx64;AVG Anti-Rootkit Driver
S? Avgtdia;AVG TDI Driver
S? avgwd;AVG WatchDog
S? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
S? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
S? ePowerSvc;Acer ePower Service
S? Greg_Service;GRegService
S? L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
S? mwlPSDFilter;mwlPSDFilter
S? mwlPSDNServ;mwlPSDNServ
S? mwlPSDVDisk;mwlPSDVDisk
S? MWLService;MyWinLocker Service
S? NTISchedulerSvc;NTI Backup Now 5 Scheduler Service
S? stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0
S? Updater Service;Updater Service
S? usbfilter;AMD USB Filter Driver
S? vToolbarUpdater;vToolbarUpdater
S? vwififlt;Virtual WiFi Filter Driver
.
=============== Created Last 30 ================
.
2012-03-25 21:26:16 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-03-25 19:43:25 -------- d-----w- C:\Users\Ivee\AppData\Roaming\AVG2012
2012-03-25 19:27:10 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-03-25 19:24:27 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-03-25 19:21:19 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-03-25 10:47:20 -------- d-----w- C:\Windows\System32\SPReview
2012-03-25 10:41:40 -------- d-----w- C:\Windows\System32\EventProviders
2012-03-25 10:35:26 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll
2012-03-25 10:35:26 660368 ----a-w- C:\Windows\System32\deployJava1.dll
2012-03-25 08:15:40 -------- d-----w- C:\$RECYCLE.BIN
2012-03-24 15:40:19 -------- d-----w- C:\Program Files\CCleaner
2012-03-24 08:11:13 -------- d-----w- C:\ProgramData\CPA_VA
2012-03-24 08:01:34 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2012-03-23 19:40:01 -------- d-----w- C:\$AVG
2012-03-23 17:53:59 -------- d-----w- C:\Program Files (x86)\Comodo
2012-03-23 17:49:50 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-03-23 17:49:44 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-03-23 17:46:30 -------- d-----w- C:\ProgramData\AVG2012
2012-03-23 17:44:07 -------- d-----w- C:\Program Files (x86)\AVG
2012-03-23 17:32:14 -------- d--h--w- C:\ProgramData\Common Files
2012-03-23 17:31:38 -------- d-----w- C:\ProgramData\MFAData
2012-03-23 17:20:32 -------- d-----w- C:\ProgramData\PC Tools
2012-03-23 17:20:31 -------- d--h--w- C:\Users\Ivee\AppData\Roaming\TestApp
2012-03-22 19:47:36 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-22 11:31:42 -------- d-----w- C:\sh4ldr
2012-03-22 11:31:41 -------- d-----w- C:\Program Files\Enigma Software Group
2012-03-22 11:30:08 -------- d-----w- C:\Windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-03-22 11:30:04 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-03-22 09:16:36 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\8249.tmp
2012-03-22 09:16:36 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\81FA.tmp
2012-03-14 07:09:33 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 07:09:31 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 07:09:29 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-13 20:48:50 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-13 20:48:33 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-13 20:48:33 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-13 20:47:36 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-13 20:47:36 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-13 20:47:36 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-13 20:47:30 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-13 20:47:30 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-13 20:47:29 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-13 20:47:29 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
.
==================== Find3M ====================
.
2012-03-25 11:38:21 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-03-25 11:38:19 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 23:32:45.74 ===============

Attached File  Attach.txt   7.34KB   1 downloads


ALSO: I'm more than willing to offer compensation via Paypal for an effective resolution!
Thank you all!

Edited by Acer17, 25 March 2012 - 10:46 PM.



 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:41 PM

Posted 26 March 2012 - 08:35 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so!
Doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things to happen.

2. Please do not attach logs or put them in code boxes.
Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.

3. After each step give me a little feedback.
It does not need to be long but just something so I know how things are going. It can be something like:
  • I am still getting redirected
  • The computer is running as it should
Don't put things like "it is the same as before" or "still the same"; this just makes me go back and look for your last feedback as to how things are.

4. Read every post completely before doing anything.
Pay special attention to the Notes** I have put in.
These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Backup any files that cannot be replaced

If you have not done it yet, spend a few minutes to back up any files that cannot be replaced. Removing malware can be unpredictable and this may save you and me a lot of grief later.

You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

You may want to back up the whole hard drive; there is some good info in the Preparation Guide on how to make full backups and how to restore it back if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the files backed up you may do the following.


Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.




For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Acer17

Acer17
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:41 AM

Posted 26 March 2012 - 06:31 PM

Hello and thank you. My computer didn't come with an installation disk, so I can't enter system recovery using a disk..So this step is skipped correct, and I only complete the "To enter System Recovery Options from the Advanced Boot Options:
•Restart the computer.
•As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.

•Use the arrow keys to select the Repair your computer menu item.

•Select US as the keyboard language settings, and then click Next.

•Select the operating system you want to repair, and then click Next.

•Select your user account an click Next." portion moving on to the "On the System Recovery Options menu you will get the following options:" portion of the instructions?

Edited by Acer17, 26 March 2012 - 06:46 PM.


#4 gringo_pr


Posted 26 March 2012 - 06:56 PM

yes that is correct



gringo

#5 Acer17


Posted 26 March 2012 - 08:40 PM

Ok, well I have another question about backup. As suggested, I visited the preparation guide via the link in the instructions. Bleep Bleep does a good job explaining the instructions; however, I'm confused on the part where he says "For the purposes of this tutorial, I created a folder in my E:\ drive named desktopclone and set that as the directory where my backup image will be created. In the Options category you should set Compression to Good (slow!), to make the backup image smaller, and then uncheck all of the other items. Then in the Hot Imaging Strategy: category select Try Volume Shadow Services first. These suggested settings are shown in the image above. Once you have the options screen setup like you want it press the Next button to continue."

I decided to download the driveimage xml backup tool since it supports Windows 7 and the others do not. I'm confused as to what "E:\" drive is as drive letters vary for different versions... Where would you suggest an ideal clone location be saved? My CD drive (E:) U3 system flash drive 5.57 mb, and the removable disk (f:\) supports 973 mb... I don't think that's enough space to save a complete OS and its files on...

The link I'm referring to where Bleep Bleep mentions this is: http://www.bleepingcomputer.com/tutorials/backup-your-computer-with-driveimage-xml/

#6 gringo_pr


Posted 26 March 2012 - 09:01 PM

Hello

The E:/ drive he mentions is a separate partition that he made for backups.

With the new versions that have come out you can make a folder on the C:/ drive and put the backup there.


gringo

#7 Acer17


Posted 26 March 2012 - 09:53 PM

Ok! Well, as of now I'm backing my system up... Which will take some time I'm sure of! I apologise for the delay, I've been in the midst of so much research! After the backup the process will flow so much faster. I saved the system image to my c:\ in the documents folder, it was the default location when I launched DriveImage. How do I detect the drive letter of my flash drive? I notice in the instructions I must change "e" to the flash drive letter. Also, how many hard drives in the computer can one back up information to, and which ones are ok? As of now, like I stated, I'm saving info to my c:\ hard drive.

#8 gringo_pr


Posted 26 March 2012 - 10:04 PM

Hello

from the instructions

In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.


you only need to do the C: drive for the backup

#9 Acer17


Posted 26 March 2012 - 10:52 PM

What if ALL I need is the operating system? I don't have much on my computer in terms of programs or files that I added myself that are valuable for backup. Will imaging only the OS speed the process? And will this restore the computer to "factory settings" in case the "unexpected" occurs? Or will programs such as Internet Explorer and the registry be missing? Is this a risky move? I didn't have the option to choose which programs/files to back up, driveimage just started backing up. Also, in case of a crash, would system restore be an option, acting as a system image, or is that completely wiped too?

P.S. It's still....backing up my files.

#10 gringo_pr


Posted 26 March 2012 - 10:58 PM

Hello

What if ALL I need is the operating system? - you don't need to back up all the other hard drives and things like that

I would back up the C drive and copy the document folder to something else like a CD or pen drive

Will imaging only the OS, speed the process? - yes

And will this restore the computer to "factory settings" in case the "unexpected" occurs? - this will restore it to the way it is right now

Also, in case of a crash, would system restore be an option, - yes that would still be an option

#11 Acer17

Acer17
  • Topic Starter

  • Members
  • 23 posts
  • Local time:11:41 AM

Posted 26 March 2012 - 11:01 PM

Another question: What's the point in backing up a system that's initially not functioning right? Aren't you just backing up the problem(s)? Isn't backup intended for new/clean computers?

#12 Acer17

Acer17
  • Topic Starter

  • Members
  • 23 posts
  • Local time:11:41 AM

Posted 26 March 2012 - 11:06 PM

Ok. You're so much help, thank you! Also, I'm only backing up the C drive, and out of the 137 GB allotted on my PC, only 31 percent's being used... So it shouldn't take as long as I thought to back up.

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:41 PM

Posted 26 March 2012 - 11:19 PM

What's the point in backing up a system that's initially not functioning right? Aren't you just backing up the problem(s)? Isn't backup intended for new/clean computers?


it gives us a place to return to if something bad happens

I would rather restart with an infected computer than lose everything


Gringo

#14 Acer17

Acer17
  • Topic Starter

  • Members
  • 23 posts
  • Local time:11:41 AM

Posted 27 March 2012 - 04:02 AM

For the Farbar scan tool, there is no direct way to save it to a flash drive; immediately after I save it, this dialogue box comes up.

There's a search bar at the top of the dialogue box, and below it are the options: scan, search files, fix. With a whitelist of the options: Registry, services, drivers, known DLLs, drivers md5, list files and folders. All of which are checked by default. The tool is not in my files or desktop, so I can't find it and move it to my flash drive; I wasn't given the option upon run/save to save it anywhere particular.


UPDATE: I found the location the application was saved to. I'll be pasting the log in the next reply. Thank you.

Attached Files

  • Attached File  fb.JPG   27.88KB   0 downloads

Edited by Acer17, 27 March 2012 - 04:09 AM.


#15 Acer17

Acer17
  • Topic Starter

  • Members
  • 23 posts
  • Local time:11:41 AM

Posted 27 March 2012 - 04:42 AM

Ok, here's the Farbar scan log:

Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 27-03-2012 05:32:06
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2416480 2012-01-24] (AVG Technologies CZ, s.r.o.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
AppInit_DLLs:
Tcpip\..\Interfaces\{25B43BE2-156C-41BE-82C5-21FD7D02B0DA}: [NameServer]8.26.56.26,156.154.70.22
Tcpip\..\Interfaces\{CBCDC8CB-860C-4571-99DD-F1A906C473DE}: [NameServer]8.26.56.26,156.154.70.22

==================== Services (Whitelisted) ======

4 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [4433248 2011-10-12] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [192776 2011-08-02] (AVG Technologies CZ, s.r.o.)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
4 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [844320 2009-08-05] (Acer Incorporated)
4 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [652360 2012-01-13] (Malwarebytes Corporation)
2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-06] (Egis Technology Inc.)
4 vToolbarUpdater; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [909152 2012-03-25] ()
4 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x]
2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

3 AVGIDSDriver; C:\Windows\System32\Drivers\AVGIDSDriver.sys [120400 2011-07-10] (AVG Technologies CZ, s.r.o. )
0 AVGIDSEH; C:\Windows\System32\Drivers\AVGIDSEH.sys [26704 2011-07-10] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\Drivers\AVGIDSFilter.sys [29776 2011-07-10] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [283728 2011-10-07] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [46672 2011-08-08] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [37456 2011-09-13] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [375376 2011-07-10] (AVG Technologies CZ, s.r.o.)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
4 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [23152 2011-12-10] (Malwarebytes Corporation)
3 mferkdk; C:\Windows\System32\Drivers\mferkdk.sys [40904 2009-11-04] (McAfee, Inc.)
3 mfesmfk; C:\Windows\System32\Drivers\mfesmfk.sys [49480 2010-02-17] (McAfee, Inc.)
3 NTIDrvr; C:\Windows\System32\Drivers\NTIDrvr.sys [18432 2009-05-05] (NewTech Infosystems, Inc.)
3 PAC7302; C:\Windows\System32\Drivers\PAC7302.sys [527360 2007-09-10] (PixArt Imaging Inc.)
4 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
4 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 stdriver; C:\Windows\System32\DRIVERS\stdriver64.sys [103512 2011-07-11] (NCH Software)
3 UBHelper; C:\Windows\System32\Drivers\UBHelper.sys [16896 2009-05-05] (NewTech Infosystems Corporation)
4 catchme; \??\C:\ComboFix\catchme.sys [x]
4 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
4 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [x]
4 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
4 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-03-27 00:55 - 2012-03-27 00:55 - 0001338 ____A C:\Users\Ivee\Desktop\fb.lnk
2012-03-27 00:48 - 2012-03-27 05:32 - 0000000 ____D C:\FRST
2012-03-27 00:47 - 2012-03-27 00:47 - 1385843 ____A C:\Users\Ivee\Downloads\FRST64.exe
2012-03-26 19:10 - 2012-03-26 19:10 - 0000000 ____D C:\Users\Ivee\Documents\BU
2012-03-26 18:27 - 2012-03-27 00:25 - 66996031 ____A C:\Users\Ivee\Documents\Drive_C.xml
2012-03-26 18:27 - 2012-03-27 00:25 - 4218844200 ____A C:\Users\Ivee\Documents\Drive_C.dat
2012-03-26 16:44 - 2012-03-26 16:44 - 0000000 ____D C:\Users\Ivee\Documents\desktopclone
2012-03-26 16:08 - 2012-03-26 16:08 - 0001111 ____A C:\Users\Public\Desktop\DriveImage XML.lnk
2012-03-26 16:07 - 2012-03-26 16:07 - 0000000 ____D C:\Program Files (x86)\Runtime Software
2012-03-26 14:13 - 2012-03-26 14:13 - 0010386 ____A C:\Users\Ivee\Desktop\msst convo.txt
2012-03-26 11:38 - 2012-03-26 11:38 - 0980480 ____A C:\Users\Ivee\Downloads\MicrosoftFixit50267.msi
2012-03-26 11:22 - 2012-03-26 11:23 - 0534483 ____A C:\Users\Ivee\Downloads\AutoRuns.zip
2012-03-26 11:13 - 2012-03-26 11:13 - 0000000 ____D C:\Users\All Users\Kaspersky Lab
2012-03-26 11:13 - 2012-03-26 11:13 - 0000000 ____D C:\ProgramData\Kaspersky Lab
2012-03-26 11:08 - 2012-03-26 11:08 - 0000000 ____D C:\Windows\System32\Drivers\etc\HostBck
2012-03-26 11:04 - 2012-03-26 11:05 - 0000000 ____D C:\Users\Ivee\Desktop\HostsXpert
2012-03-26 11:04 - 2012-03-26 11:04 - 0357766 ____A C:\Users\Ivee\Downloads\HostsXpert.zip
2012-03-26 10:56 - 2012-03-26 11:12 - 126753536 ____A C:\Users\Ivee\Downloads\setup_11.0.0.1245.x01_2012_03_26_21_19.exe
2012-03-26 10:18 - 2012-03-26 10:18 - 0001268 ____A C:\Users\Ivee\Desktop\Revo Uninstaller.lnk
2012-03-26 10:18 - 2012-03-26 10:18 - 0000000 ____D C:\Program Files (x86)\VS Revo Group
2012-03-26 10:17 - 2012-03-26 10:17 - 2617176 ____A (VS Revo Group Ltd.) C:\Users\Ivee\Downloads\revosetup.exe
2012-03-26 10:13 - 2012-03-27 01:23 - 0206452 ____A C:\Windows\WindowsUpdate.log
2012-03-26 09:45 - 2012-03-26 09:45 - 0050040 ____A C:\Windows\ntbtlog.txt
2012-03-26 09:44 - 2012-03-27 01:24 - 0000280 ____A C:\Windows\setupact.log
2012-03-26 09:44 - 2012-03-26 09:44 - 0000000 ____A C:\Windows\setuperr.log
2012-03-26 08:17 - 2012-03-26 08:17 - 0000000 ____D C:\Users\Ivee\AppData\Roaming\SUPERAntiSpyware.com
2012-03-26 08:16 - 2012-03-27 00:57 - 0001977 ____A C:\Users\Ivee\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-03-26 08:16 - 2012-03-26 08:17 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-03-26 08:16 - 2012-03-26 08:16 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-03-26 08:16 - 2012-03-26 08:16 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-03-26 08:15 - 2012-03-26 08:15 - 15560536 ____A (SUPERAntiSpyware.com) C:\Users\Ivee\Downloads\SUPERAntiSpyware.exe
2012-03-26 08:08 - 2012-03-26 08:08 - 3628016 ____A (Piriform Ltd) C:\Users\Ivee\Downloads\ccsetup316.exe
2012-03-26 08:08 - 2012-03-26 08:08 - 0000826 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-03-26 08:04 - 2012-03-26 08:05 - 0077694 ____A C:\TDSSKiller.2.6.25.0_26.03.2012_12.04.10_log.txt
2012-03-26 08:02 - 2012-03-26 08:03 - 2048299 ____A C:\Users\Ivee\Desktop\tdsskiller.zip
2012-03-26 08:02 - 2012-03-26 08:02 - 0000348 ____A C:\TDSSKiller.2.6.25.0_26.03.2012_12.02.15_log.txt
2012-03-26 07:55 - 2012-03-26 07:55 - 0000000 ____D C:\Users\All Users\AMMYY
2012-03-26 07:55 - 2012-03-26 07:55 - 0000000 ____D C:\ProgramData\AMMYY
2012-03-26 04:35 - 2012-03-26 04:35 - 0000451 ____A C:\Users\Ivee\Desktop\MYTECHSUPPORTSTORE.COM
2012-03-26 02:46 - 2012-03-26 02:46 - 0000000 ____D C:\Windows\pss
2012-03-26 02:38 - 2012-03-26 02:38 - 0000000 ____D C:\Users\Ivee\AppData\Roaming\TeamViewer
2012-03-26 02:37 - 2012-03-26 02:37 - 3356472 ____A (TeamViewer) C:\Users\Ivee\Downloads\TeamViewerQS_en.exe
2012-03-25 19:35 - 2012-03-25 19:35 - 0017891 ____A C:\Users\Ivee\Desktop\DDS.txt
2012-03-25 19:35 - 2012-03-25 19:35 - 0007517 ____A C:\Users\Ivee\Desktop\Attach.txt
2012-03-25 19:13 - 2012-03-25 19:13 - 0607260 ____R (Swearware) C:\Users\Ivee\Desktop\dds.scr
2012-03-25 19:08 - 2012-03-25 19:12 - 0000470 ____A C:\Users\Ivee\Desktop\defogger_disable.log
2012-03-25 19:08 - 2012-03-25 19:08 - 0000000 ____A C:\Users\Ivee\defogger_reenable
2012-03-25 17:42 - 2012-03-25 17:42 - 0029407 ____A C:\Users\Ivee\Desktop\1st image.JPG
2012-03-25 17:38 - 2012-03-25 17:38 - 0050451 ____A C:\Users\Ivee\Desktop\2nd image.JPG
2012-03-25 13:26 - 2012-03-26 02:56 - 0000000 ____D C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-03-25 13:13 - 2012-03-25 13:15 - 0124166 ____A C:\TDSSKiller.2.7.22.0_25.03.2012_17.13.44_log.txt
2012-03-25 13:11 - 2012-03-25 13:11 - 0000000 ____D C:\Users\Ivee\Downloads\tdsskiller (2)
2012-03-25 13:10 - 2012-03-25 13:10 - 2047211 ____A C:\Users\Ivee\Downloads\tdsskiller (2).zip
2012-03-25 13:09 - 2012-03-25 13:09 - 0000348 ____A C:\TDSSKiller.2.6.25.0_25.03.2012_17.09.31_log.txt
2012-03-25 11:43 - 2012-03-25 11:43 - 0000000 ____D C:\Users\Ivee\AppData\Roaming\AVG2012
2012-03-25 11:29 - 2012-03-25 11:29 - 0000969 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-03-25 11:27 - 2012-03-25 11:29 - 0000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-03-25 11:24 - 2012-03-25 11:24 - 0000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-03-25 11:21 - 2012-03-26 15:48 - 0000000 ____D C:\Windows\System32\Drivers\AVG
2012-03-25 08:31 - 2012-01-24 22:38 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-03-25 08:31 - 2012-01-24 22:38 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-03-25 02:47 - 2012-03-25 02:47 - 0000000 ____D C:\Windows\System32\SPReview
2012-03-25 02:41 - 2012-03-25 02:41 - 0000000 ____D C:\Windows\System32\EventProviders
2012-03-25 02:35 - 2012-03-25 02:34 - 0750488 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll
2012-03-25 02:35 - 2012-03-25 02:34 - 0660368 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-03-25 02:35 - 2012-03-25 02:34 - 0264584 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-03-25 02:35 - 2012-03-25 02:34 - 0188808 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-03-25 02:35 - 2012-03-25 02:34 - 0188808 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-03-25 02:34 - 2012-03-25 02:34 - 0000000 ____D C:\Program Files\Java
2012-03-25 02:03 - 2012-03-25 02:03 - 0001892 ____A C:\TDSSKiller.2.6.25.0_25.03.2012_06.03.08_log.txt
2012-03-25 01:49 - 2012-03-25 01:49 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-03-25 01:49 - 2012-03-25 01:49 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-03-25 01:49 - 2012-03-25 01:49 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-03-25 01:49 - 2012-03-25 01:49 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-03-25 01:49 - 2012-03-25 01:49 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-03-25 01:49 - 2012-03-25 01:49 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-03-25 01:49 - 2012-03-25 01:49 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-03-25 01:49 - 2012-03-25 01:49 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-03-25 01:49 - 2012-03-25 01:49 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-03-25 01:49 - 2012-03-25 01:49 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-03-25 01:49 - 2012-03-25 01:49 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-03-25 01:49 - 2012-03-25 01:49 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-03-25 01:49 - 2012-03-25 01:49 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-03-25 01:49 - 2012-03-25 01:49 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-03-25 01:49 - 2012-03-25 01:49 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-03-25 01:49 - 2012-03-25 01:49 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-03-25 01:49 - 2012-03-25 01:49 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-03-25 01:49 - 2012-03-25 01:49 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-03-25 01:49 - 2012-03-25 01:49 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-03-25 01:49 - 2012-03-25 01:49 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-03-25 01:49 - 2012-03-25 01:49 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-03-25 01:49 - 2012-03-25 01:49 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-03-25 01:49 - 2012-03-25 01:49 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-03-25 01:49 - 2012-03-25 01:49 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-03-25 01:49 - 2012-03-25 01:49 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-03-25 01:49 - 2012-03-25 01:49 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-03-25 01:49 - 2012-03-25 01:49 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-03-25 01:49 - 2012-03-25 01:49 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-03-25 00:21 - 2012-03-25 00:21 - 0017727 ____A C:\ComboFix.txt
2012-03-25 00:15 - 2012-03-25 00:15 - 0000000 ____D C:\$RECYCLE.BIN
2012-03-24 23:00 - 2012-03-24 23:00 - 0065536 __ASH C:\Windows\System32\config\components{4d51d3d9-75ff-11e1-8365-0026228453f9}.TxR.blf
2012-03-24 22:08 - 2012-03-24 22:08 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-03-24 22:08 - 2012-03-24 22:08 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-03-24 22:08 - 2012-03-24 22:08 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-03-24 22:08 - 2012-03-24 22:08 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-03-24 22:08 - 2012-03-24 22:08 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-03-24 22:08 - 2012-03-24 22:08 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-03-24 22:07 - 2012-03-24 22:07 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-03-24 22:07 - 2012-03-24 22:07 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-03-24 22:07 - 2012-03-24 22:07 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-03-24 22:07 - 2012-03-24 22:07 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-03-24 21:55 - 2012-03-25 01:47 - 0000000 ____D C:\Windows\ERDNT
2012-03-24 07:40 - 2012-03-26 08:08 - 0000000 ____D C:\Program Files\CCleaner
2012-03-24 07:34 - 2012-03-24 07:36 - 0121330 ____A C:\TDSSKiller.2.7.22.0_24.03.2012_11.34.36_log.txt
2012-03-24 07:33 - 2012-03-24 07:33 - 0000348 ____A C:\TDSSKiller.2.6.25.0_24.03.2012_11.33.44_log.txt
2012-03-24 06:20 - 2012-03-24 06:20 - 0001136 ___AH C:\Users\Ivee\Documents\hosts.txt
2012-03-24 05:17 - 2012-03-24 05:18 - 0121308 ____A C:\TDSSKiller.2.7.22.0_24.03.2012_09.17.06_log.txt
2012-03-24 05:15 - 2012-03-24 05:15 - 0000348 ____A C:\TDSSKiller.2.6.25.0_24.03.2012_09.15.36_log.txt
2012-03-24 04:21 - 2012-03-25 10:52 - 0429680 ____A C:\Windows\System32\Drivers\sfi.dat
2012-03-24 00:15 - 2012-03-24 00:17 - 0000479 ____A C:\data
2012-03-24 00:11 - 2012-03-25 05:54 - 0000000 ____D C:\Users\All Users\CPA_VA
2012-03-24 00:11 - 2012-03-25 05:54 - 0000000 ____D C:\ProgramData\CPA_VA
2012-03-24 00:10 - 2012-03-24 00:11 - 0000000 ___HD C:\Users\Public\Documents\COMODO
2012-03-24 00:01 - 2012-03-24 00:01 - 1700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2012-03-23 14:46 - 2012-03-23 14:49 - 0125636 ____A C:\TDSSKiller.2.7.22.0_23.03.2012_18.46.05_log.txt
2012-03-23 14:45 - 2012-03-23 22:43 - 0000000 ___HD C:\Users\Ivee\Downloads\tdsskiller (1)
2012-03-23 14:45 - 2012-03-23 14:45 - 2047211 ___AH C:\Users\Ivee\Downloads\tdsskiller (1).zip
2012-03-23 14:44 - 2012-03-23 14:44 - 2047211 ___AH C:\Users\Ivee\Downloads\tdsskiller.zip
2012-03-23 14:44 - 2012-03-23 14:44 - 0000348 ____A C:\TDSSKiller.2.6.25.0_23.03.2012_18.44.51_log.txt
2012-03-23 14:44 - 2012-03-23 14:44 - 0000348 ____A C:\TDSSKiller.2.6.25.0_23.03.2012_18.44.21_log.txt
2012-03-23 14:43 - 2012-03-23 14:43 - 0000348 ____A C:\TDSSKiller.2.6.25.0_23.03.2012_18.43.26_log.txt
2012-03-23 11:40 - 2012-03-23 11:40 - 0000000 ____D C:\$AVG
2012-03-23 09:53 - 2012-03-25 10:38 - 0000000 ____D C:\Program Files (x86)\Comodo
2012-03-23 09:49 - 2012-03-23 09:50 - 0000000 ____D C:\Users\All Users\AVG Secure Search
2012-03-23 09:49 - 2012-03-23 09:50 - 0000000 ____D C:\ProgramData\AVG Secure Search
2012-03-23 09:46 - 2012-03-25 11:21 - 0000000 ____D C:\Users\All Users\AVG2012
2012-03-23 09:46 - 2012-03-25 11:21 - 0000000 ____D C:\ProgramData\AVG2012
2012-03-23 09:44 - 2012-03-23 09:44 - 0000000 ____D C:\Program Files (x86)\AVG
2012-03-23 09:31 - 2012-03-26 23:05 - 0000000 ____D C:\Users\All Users\MFAData
2012-03-23 09:31 - 2012-03-26 23:05 - 0000000 ____D C:\ProgramData\MFAData
2012-03-23 09:20 - 2012-03-23 09:20 - 0000000 ___HD C:\Users\Ivee\AppData\Roaming\TestApp
2012-03-23 09:20 - 2012-03-23 09:20 - 0000000 ____D C:\Users\All Users\PC Tools
2012-03-23 09:20 - 2012-03-23 09:20 - 0000000 ____D C:\ProgramData\PC Tools
2012-03-22 11:58 - 2012-03-22 12:01 - 0125768 ____A C:\TDSSKiller.2.7.22.0_22.03.2012_15.58.40_log.txt
2012-03-22 11:57 - 2012-03-22 11:57 - 0000348 ____A C:\TDSSKiller.2.6.25.0_22.03.2012_15.57.37_log.txt
2012-03-22 11:47 - 2012-03-23 22:38 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-03-22 11:45 - 2012-03-22 11:51 - 0128566 ____A C:\TDSSKiller.2.7.22.0_22.03.2012_15.45.20_log.txt
2012-03-22 11:43 - 2012-03-22 11:43 - 0000348 ____A C:\TDSSKiller.2.6.25.0_22.03.2012_15.43.31_log.txt
2012-03-22 11:40 - 2012-03-22 11:40 - 0000348 ____A C:\TDSSKiller.2.6.25.0_22.03.2012_15.40.50_log.txt
2012-03-22 06:34 - 2012-03-22 06:34 - 0000348 ____A C:\TDSSKiller.2.6.25.0_22.03.2012_10.34.18_log.txt
2012-03-22 03:53 - 2012-03-22 03:53 - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-03-22 03:31 - 2012-03-23 22:37 - 0000000 ____D C:\Program Files\Enigma Software Group
2012-03-22 03:31 - 2012-03-22 09:50 - 0000000 ____D C:\sh4ldr
2012-03-22 03:30 - 2012-03-22 09:50 - 0000000 ____D C:\Windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-03-21 06:32 - 2012-03-26 11:23 - 0638784 ____A (Sysinternals - www.sysinternals.com) C:\Users\Ivee\Desktop\autoruns.exe
2012-03-20 22:30 - 2012-03-21 16:53 - 0054272 ___AH C:\Users\Ivee\Documents\RESUME FOR NON HEALTH AND SCIENCE LV JOBS (NO OUT OF STATE SCHOOL HIST.).doc
2012-03-19 16:54 - 2012-03-19 16:54 - 0000255 ___AH C:\Users\Ivee\Documents\jobs questions.txt
2012-03-17 22:35 - 2012-03-18 05:00 - 0000321 ___AH C:\Users\Ivee\Documents\volunteer questions.txt
2012-03-16 16:12 - 2012-03-20 23:26 - 0142347 ___AH C:\Users\Ivee\Documents\jobs.docx
2012-03-16 16:12 - 2012-03-16 16:12 - 0000162 ___AH C:\Users\Ivee\Documents\~$jobs.docx
2012-03-13 23:09 - 2011-11-19 07:20 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-13 23:09 - 2011-11-19 06:50 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-13 23:09 - 2011-11-19 06:50 - 3913584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-13 12:48 - 2012-02-09 22:36 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-13 12:48 - 2012-02-09 21:38 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-13 12:48 - 2012-02-02 20:34 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-13 12:47 - 2012-02-16 22:38 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-03-13 12:47 - 2012-02-16 21:34 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-03-13 12:47 - 2012-02-16 20:58 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-03-13 12:47 - 2012-02-16 20:57 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-03-13 12:47 - 2012-01-24 22:33 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-03-10 17:31 - 2012-03-10 18:21 - 0000162 ___AH C:\Users\Ivee\Documents\~$tering med school.docx
2012-03-07 13:46 - 2012-03-10 18:21 - 0012792 ___AH C:\Users\Ivee\Documents\Entering med school.docx
2012-03-06 22:00 - 2012-03-07 01:04 - 0018263 ___AH C:\Users\Ivee\Documents\HUCM.docx
2012-03-06 19:58 - 2012-03-07 01:03 - 0016528 ___AH C:\Users\Ivee\Documents\USUHS.docx
2012-03-06 12:21 - 2012-03-07 01:01 - 0013476 ___AH C:\Users\Ivee\Documents\Steps to Success.docx
2012-03-05 01:22 - 2012-03-05 01:22 - 0001052 ___AH C:\Users\Ivee\Documents\demitrez.txt
2012-03-04 19:27 - 2012-03-04 19:27 - 0000162 ___AH C:\Users\Ivee\Documents\~$litary base locations.docx
2012-03-04 16:57 - 2012-03-04 16:57 - 0000162 ___AH C:\Users\Ivee\Documents\~$r force.docx
2012-03-02 02:34 - 2012-03-02 02:34 - 0000033 ___AH C:\Users\Ivee\Documents\demetriz address.txt

============ 3 Months Modified Files and Folders =============

2012-03-27 05:32 - 2012-03-27 00:48 - 0000000 ____D C:\FRST
2012-03-27 01:24 - 2012-03-26 09:44 - 0000280 ____A C:\Windows\setupact.log
2012-03-27 01:24 - 2009-11-15 23:21 - 2211483648 __ASH C:\hiberfil.sys
2012-03-27 01:24 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-03-27 01:23 - 2012-03-26 10:13 - 0206452 ____A C:\Windows\WindowsUpdate.log
2012-03-27 01:23 - 2009-07-13 20:45 - 0009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-03-27 01:23 - 2009-07-13 20:45 - 0009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-03-27 01:14 - 2010-02-05 21:16 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-03-27 00:57 - 2012-03-26 08:16 - 0001977 ____A C:\Users\Ivee\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-03-27 00:55 - 2012-03-27 00:55 - 0001338 ____A C:\Users\Ivee\Desktop\fb.lnk
2012-03-27 00:47 - 2012-03-27 00:47 - 1385843 ____A C:\Users\Ivee\Downloads\FRST64.exe
2012-03-27 00:45 - 2010-02-05 21:17 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-03-27 00:39 - 2009-07-13 21:13 - 0726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-03-27 00:25 - 2012-03-26 18:27 - 66996031 ____A C:\Users\Ivee\Documents\Drive_C.xml
2012-03-27 00:25 - 2012-03-26 18:27 - 4218844200 ____A C:\Users\Ivee\Documents\Drive_C.dat
2012-03-26 23:05 - 2012-03-23 09:31 - 0000000 ____D C:\Users\All Users\MFAData
2012-03-26 23:05 - 2012-03-23 09:31 - 0000000 ____D C:\ProgramData\MFAData
2012-03-26 19:10 - 2012-03-26 19:10 - 0000000 ____D C:\Users\Ivee\Documents\BU
2012-03-26 16:44 - 2012-03-26 16:44 - 0000000 ____D C:\Users\Ivee\Documents\desktopclone
2012-03-26 16:08 - 2012-03-26 16:08 - 0001111 ____A C:\Users\Public\Desktop\DriveImage XML.lnk
2012-03-26 16:07 - 2012-03-26 16:07 - 0000000 ____D C:\Program Files (x86)\Runtime Software
2012-03-26 15:48 - 2012-03-25 11:21 - 0000000 ____D C:\Windows\System32\Drivers\AVG
2012-03-26 14:13 - 2012-03-26 14:13 - 0010386 ____A C:\Users\Ivee\Desktop\msst convo.txt
2012-03-26 13:05 - 2011-12-23 05:15 - 0001163 ____A C:\Windows\System32\Drivers\etc\hosts
2012-03-26 11:38 - 2012-03-26 11:38 - 0980480 ____A C:\Users\Ivee\Downloads\MicrosoftFixit50267.msi
2012-03-26 11:23 - 2012-03-26 11:22 - 0534483 ____A C:\Users\Ivee\Downloads\AutoRuns.zip
2012-03-26 11:23 - 2012-03-21 06:32 - 0638784 ____A (Sysinternals - www.sysinternals.com) C:\Users\Ivee\Desktop\autoruns.exe
2012-03-26 11:13 - 2012-03-26 11:13 - 0000000 ____D C:\Users\All Users\Kaspersky Lab
2012-03-26 11:13 - 2012-03-26 11:13 - 0000000 ____D C:\ProgramData\Kaspersky Lab
2012-03-26 11:12 - 2012-03-26 10:56 - 126753536 ____A C:\Users\Ivee\Downloads\setup_11.0.0.1245.x01_2012_03_26_21_19.exe
2012-03-26 11:08 - 2012-03-26 11:08 - 0000000 ____D C:\Windows\System32\Drivers\etc\HostBck
2012-03-26 11:05 - 2012-03-26 11:04 - 0000000 ____D C:\Users\Ivee\Desktop\HostsXpert
2012-03-26 11:04 - 2012-03-26 11:04 - 0357766 ____A C:\Users\Ivee\Downloads\HostsXpert.zip
2012-03-26 11:04 - 2011-05-07 08:09 - 0360448 ____A (funkytoad.com) C:\Users\Ivee\Desktop\HostsXpert.exe
2012-03-26 10:28 - 2011-12-30 08:33 - 0000498 ____A C:\rkill.log
2012-03-26 10:18 - 2012-03-26 10:18 - 0001268 ____A C:\Users\Ivee\Desktop\Revo Uninstaller.lnk
2012-03-26 10:18 - 2012-03-26 10:18 - 0000000 ____D C:\Program Files (x86)\VS Revo Group
2012-03-26 10:17 - 2012-03-26 10:17 - 2617176 ____A (VS Revo Group Ltd.) C:\Users\Ivee\Downloads\revosetup.exe
2012-03-26 09:45 - 2012-03-26 09:45 - 0050040 ____A C:\Windows\ntbtlog.txt
2012-03-26 09:44 - 2012-03-26 09:44 - 0000000 ____A C:\Windows\setuperr.log
2012-03-26 08:17 - 2012-03-26 08:17 - 0000000 ____D C:\Users\Ivee\AppData\Roaming\SUPERAntiSpyware.com
2012-03-26 08:17 - 2012-03-26 08:16 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-03-26 08:16 - 2012-03-26 08:16 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-03-26 08:16 - 2012-03-26 08:16 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-03-26 08:15 - 2012-03-26 08:15 - 15560536 ____A (SUPERAntiSpyware.com) C:\Users\Ivee\Downloads\SUPERAntiSpyware.exe
2012-03-26 08:11 - 2010-06-30 09:38 - 0000000 ____D C:\Windows\Minidump
2012-03-26 08:11 - 2009-12-25 14:18 - 0000000 ___HD C:\Users\Ivee\Tracing
2012-03-26 08:11 - 2007-07-11 17:49 - 0000000 ____D C:\Windows\Panther
2012-03-26 08:08 - 2012-03-26 08:08 - 3628016 ____A (Piriform Ltd) C:\Users\Ivee\Downloads\ccsetup316.exe
2012-03-26 08:08 - 2012-03-26 08:08 - 0000826 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-03-26 08:08 - 2012-03-24 07:40 - 0000000 ____D C:\Program Files\CCleaner
2012-03-26 08:05 - 2012-03-26 08:04 - 0077694 ____A C:\TDSSKiller.2.6.25.0_26.03.2012_12.04.10_log.txt
2012-03-26 08:03 - 2012-03-26 08:02 - 2048299 ____A C:\Users\Ivee\Desktop\tdsskiller.zip
2012-03-26 08:02 - 2012-03-26 08:02 - 0000348 ____A C:\TDSSKiller.2.6.25.0_26.03.2012_12.02.15_log.txt
2012-03-26 07:55 - 2012-03-26 07:55 - 0000000 ____D C:\Users\All Users\AMMYY
2012-03-26 07:55 - 2012-03-26 07:55 - 0000000 ____D C:\ProgramData\AMMYY
2012-03-26 04:35 - 2012-03-26 04:35 - 0000451 ____A C:\Users\Ivee\Desktop\MYTECHSUPPORTSTORE.COM
2012-03-26 02:56 - 2012-03-25 13:26 - 0000000 ____D C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-03-26 02:51 - 2009-08-21 18:17 - 0000000 ____D C:\Program Files\Google
2012-03-26 02:51 - 2009-08-21 18:16 - 0000000 ____D C:\Program Files (x86)\Google
2012-03-26 02:46 - 2012-03-26 02:46 - 0000000 ____D C:\Windows\pss
2012-03-26 02:45 - 2009-12-25 12:44 - 0000000 ___HD C:\Users\Ivee\AppData\Local\Google
2012-03-26 02:45 - 2009-08-21 18:16 - 0000000 ____D C:\Users\All Users\Google
2012-03-26 02:45 - 2009-08-21 18:16 - 0000000 ____D C:\ProgramData\Google
2012-03-26 02:38 - 2012-03-26 02:38 - 0000000 ____D C:\Users\Ivee\AppData\Roaming\TeamViewer
2012-03-26 02:37 - 2012-03-26 02:37 - 3356472 ____A (TeamViewer) C:\Users\Ivee\Downloads\TeamViewerQS_en.exe
2012-03-26 00:21 - 2009-07-13 20:45 - 0426912 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-25 19:35 - 2012-03-25 19:35 - 0017891 ____A C:\Users\Ivee\Desktop\DDS.txt
2012-03-25 19:35 - 2012-03-25 19:35 - 0007517 ____A C:\Users\Ivee\Desktop\Attach.txt
2012-03-25 19:13 - 2012-03-25 19:13 - 0607260 ____R (Swearware) C:\Users\Ivee\Desktop\dds.scr
2012-03-25 19:12 - 2012-03-25 19:08 - 0000470 ____A C:\Users\Ivee\Desktop\defogger_disable.log
2012-03-25 19:08 - 2012-03-25 19:08 - 0000000 ____A C:\Users\Ivee\defogger_reenable
2012-03-25 19:08 - 2009-12-25 12:39 - 0000000 ____D C:\users\Ivee
2012-03-25 18:03 - 2011-06-23 17:24 - 2291712 __ASH C:\Users\Ivee\Documents\Thumbs.db
2012-03-25 17:42 - 2012-03-25 17:42 - 0029407 ____A C:\Users\Ivee\Desktop\1st image.JPG
2012-03-25 17:38 - 2012-03-25 17:38 - 0050451 ____A C:\Users\Ivee\Desktop\2nd image.JPG
2012-03-25 13:15 - 2012-03-25 13:13 - 0124166 ____A C:\TDSSKiller.2.7.22.0_25.03.2012_17.13.44_log.txt
2012-03-25 13:11 - 2012-03-25 13:11 - 0000000 ____D C:\Users\Ivee\Downloads\tdsskiller (2)
2012-03-25 13:10 - 2012-03-25 13:10 - 2047211 ____A C:\Users\Ivee\Downloads\tdsskiller (2).zip
2012-03-25 13:09 - 2012-03-25 13:09 - 0000348 ____A C:\TDSSKiller.2.6.25.0_25.03.2012_17.09.31_log.txt
2012-03-25 12:51 - 2010-02-11 16:04 - 0000000 ___HD C:\Users\Ivee\AppData\Local\ElevatedDiagnostics
2012-03-25 11:43 - 2012-03-25 11:43 - 0000000 ____D C:\Users\Ivee\AppData\Roaming\AVG2012
2012-03-25 11:29 - 2012-03-25 11:29 - 0000969 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-03-25 11:29 - 2012-03-25 11:27 - 0000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-03-25 11:24 - 2012-03-25 11:24 - 0000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-03-25 11:21 - 2012-03-23 09:46 - 0000000 ____D C:\Users\All Users\AVG2012
2012-03-25 11:21 - 2012-03-23 09:46 - 0000000 ____D C:\ProgramData\AVG2012
2012-03-25 10:52 - 2012-03-24 04:21 - 0429680 ____A C:\Windows\System32\Drivers\sfi.dat
2012-03-25 10:38 - 2012-03-23 09:53 - 0000000 ____D C:\Program Files (x86)\Comodo
2012-03-25 05:54 - 2012-03-24 00:11 - 0000000 ____D C:\Users\All Users\CPA_VA
2012-03-25 05:54 - 2012-03-24 00:11 - 0000000 ____D C:\ProgramData\CPA_VA
2012-03-25 04:24 - 2009-12-25 12:41 - 0000174 ___SH C:\Users\Ivee\Start Menu\Programs\Startup\desktop.ini
2012-03-25 04:24 - 2009-12-25 12:41 - 0000174 ___SH C:\Users\Ivee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-03-25 04:10 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-03-25 04:09 - 2009-07-13 23:45 - 0000000 ____D C:\Program Files\Windows Journal
2012-03-25 04:09 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-03-25 04:09 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Portable Devices
2012-03-25 04:09 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2012-03-25 04:09 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2012-03-25 04:09 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2012-03-25 04:09 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-03-25 04:09 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Portable Devices
2012-03-25 04:09 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-03-25 04:09 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\servicing
2012-03-25 04:09 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-03-25 04:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sppui
2012-03-25 04:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Setup
2012-03-25 04:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\oobe
2012-03-25 04:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2012-03-25 04:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\manifeststore
2012-03-25 04:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\es-ES
2012-03-25 04:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2012-03-25 04:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\da-DK
2012-03-25 04:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\cs-CZ
2012-03-25 04:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2012-03-25 04:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sppui
2012-03-25 04:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Setup
2012-03-25 04:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\oobe
2012-03-25 04:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\migwiz
2012-03-25 04:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\manifeststore
2012-03-25 04:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\es-ES
2012-03-25 04:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Dism
2012-03-25 04:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\da-DK
2012-03-25 04:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\cs-CZ
2012-03-25 04:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\AdvancedInstallers
2012-03-25 03:38 - 2009-07-13 18:36 - 0175616 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2012-03-25 03:38 - 2009-07-13 18:36 - 0152576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2012-03-25 02:47 - 2012-03-25 02:47 - 0000000 ____D C:\Windows\System32\SPReview
2012-03-25 02:41 - 2012-03-25 02:41 - 0000000 ____D C:\Windows\System32\EventProviders
2012-03-25 02:34 - 2012-03-25 02:35 - 0750488 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll
2012-03-25 02:34 - 2012-03-25 02:35 - 0660368 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-03-25 02:34 - 2012-03-25 02:35 - 0264584 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-03-25 02:34 - 2012-03-25 02:35 - 0188808 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-03-25 02:34 - 2012-03-25 02:35 - 0188808 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-03-25 02:34 - 2012-03-25 02:34 - 0000000 ____D C:\Program Files\Java
2012-03-25 02:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-03-25 02:03 - 2012-03-25 02:03 - 0001892 ____A C:\TDSSKiller.2.6.25.0_25.03.2012_06.03.08_log.txt
2012-03-25 01:49 - 2012-03-25 01:49 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-03-25 01:49 - 2012-03-25 01:49 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-03-25 01:49 - 2012-03-25 01:49 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-03-25 01:49 - 2012-03-25 01:49 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-03-25 01:49 - 2012-03-25 01:49 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-03-25 01:49 - 2012-03-25 01:49 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-03-25 01:49 - 2012-03-25 01:49 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-03-25 01:49 - 2012-03-25 01:49 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-03-25 01:49 - 2012-03-25 01:49 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-03-25 01:49 - 2012-03-25 01:49 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-03-25 01:49 - 2012-03-25 01:49 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-03-25 01:49 - 2012-03-25 01:49 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-03-25 01:49 - 2012-03-25 01:49 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-03-25 01:49 - 2012-03-25 01:49 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-03-25 01:49 - 2012-03-25 01:49 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-03-25 01:49 - 2012-03-25 01:49 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-03-25 01:49 - 2012-03-25 01:49 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-03-25 01:49 - 2012-03-25 01:49 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-03-25 01:49 - 2012-03-25 01:49 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-03-25 01:49 - 2012-03-25 01:49 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-03-25 01:49 - 2012-03-25 01:49 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-03-25 01:49 - 2012-03-25 01:49 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-03-25 01:49 - 2012-03-25 01:49 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-03-25 01:49 - 2012-03-25 01:49 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-03-25 01:49 - 2012-03-25 01:49 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-03-25 01:49 - 2012-03-25 01:49 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-03-25 01:49 - 2012-03-25 01:49 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-03-25 01:49 - 2012-03-25 01:49 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-03-25 01:49 - 2012-03-25 01:49 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-03-25 01:47 - 2012-03-24 21:55 - 0000000 ____D C:\Windows\ERDNT
2012-03-25 00:35 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-03-25 00:21 - 2012-03-25 00:21 - 0017727 ____A C:\ComboFix.txt
2012-03-25 00:15 - 2012-03-25 00:15 - 0000000 ____D C:\$RECYCLE.BIN
2012-03-25 00:15 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-03-24 23:58 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Default
2012-03-24 23:58 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-03-24 23:00 - 2012-03-24 23:00 - 0065536 __ASH C:\Windows\System32\config\components{4d51d3d9-75ff-11e1-8365-0026228453f9}.TxR.blf
2012-03-24 22:08 - 2012-03-24 22:08 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-03-24 22:08 - 2012-03-24 22:08 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-03-24 22:08 - 2012-03-24 22:08 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-03-24 22:08 - 2012-03-24 22:08 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-03-24 22:08 - 2012-03-24 22:08 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-03-24 22:08 - 2012-03-24 22:08 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-03-24 22:08 - 2009-07-13 18:34 - 70516736 ____A C:\Windows\System32\config\software.bak
2012-03-24 22:08 - 2009-07-13 18:34 - 22282240 ____A C:\Windows\System32\config\system.bak
2012-03-24 22:08 - 2009-07-13 18:34 - 0524288 ____A C:\Windows\System32\config\default.bak
2012-03-24 22:08 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\security.bak
2012-03-24 22:08 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\sam.bak
2012-03-24 22:07 - 2012-03-24 22:07 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-03-24 22:07 - 2012-03-24 22:07 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-03-24 22:07 - 2012-03-24 22:07 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-03-24 22:07 - 2012-03-24 22:07 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-03-24 18:17 - 2011-09-19 09:21 - 0000000 ____D C:\Users\Ivee\AppData\Roaming\Memorex
2012-03-24 18:17 - 2011-06-13 21:17 - 0000000 ____D C:\Users\Ivee\AppData\Roaming\SoftDMA
2012-03-24 18:17 - 2011-06-13 21:17 - 0000000 ____D C:\Users\Ivee\AppData\Local\PlayMovie
2012-03-24 18:17 - 2011-01-26 09:39 - 0000000 ____D C:\Users\Ivee\AppData\Roaming\FreeHideIP
2012-03-24 18:17 - 2010-04-29 14:42 - 0000000 ____D C:\Users\Ivee\AppData\Roaming\GetRightToGo
2012-03-24 18:17 - 2010-01-10 01:57 - 0000000 ___SD C:\Users\Ivee\Documents\My Data Sources
2012-03-24 18:17 - 2010-01-08 07:53 - 0000000 ____D C:\Users\Public\Desktop\Adobe Reader 9 Installer
2012-03-24 18:17 - 2010-01-05 09:26 - 0000000 ____D C:\Users\Ivee\AppData\Roaming\Skype
2012-03-24 18:17 - 2009-12-25 14:17 - 0000000 ____D C:\Users\Ivee\AppData\Local\Microsoft Help
2012-03-24 18:17 - 2009-12-25 13:47 - 0000000 ____D C:\Users\Ivee\AppData\Roaming\PowerCinema
2012-03-24 18:17 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-03-24 18:17 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-03-24 18:16 - 2011-06-23 18:50 - 0000000 ____D C:\Users\Ivee\Documents\Fax
2012-03-24 18:16 - 2009-07-13 23:44 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-03-24 18:15 - 2011-12-30 08:53 - 0000000 ___HD C:\Users\Ivee\AppData\Roaming\Malwarebytes
2012-03-24 18:15 - 2010-06-27 03:02 - 0000000 ____D C:\Users\Ivee\AppData\Roaming\SACore
2012-03-24 18:15 - 2009-12-25 16:06 - 0000000 ____D C:\Users\Ivee\AppData\Roaming\Yahoo!
2012-03-24 18:15 - 2009-12-25 13:22 - 0000000 ____D C:\Users\Ivee\AppData\Roaming\Adobe
2012-03-24 18:15 - 2009-12-25 12:42 - 0000000 ____D C:\Users\Ivee\AppData\Roaming\Macromedia
2012-03-24 18:15 - 2009-12-25 12:41 - 0000000 ____D C:\Users\Ivee\AppData\Local\VirtualStore
2012-03-24 18:15 - 2009-12-25 12:39 - 0000000 ____D C:\Users\Ivee\AppData\LocalLow
2012-03-24 18:13 - 2010-01-08 07:53 - 0000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2012-03-24 18:13 - 2010-01-08 07:53 - 0000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2012-03-24 18:13 - 2009-12-25 14:31 - 0000000 ____D C:\Users\Ivee\AppData\Local\Adobe
2012-03-24 09:40 - 2010-12-28 22:29 - 0000000 ___HD C:\Users\Ivee\AppData\Roaming\Free Download Manager
2012-03-24 07:36 - 2012-03-24 07:34 - 0121330 ____A C:\TDSSKiller.2.7.22.0_24.03.2012_11.34.36_log.txt
2012-03-24 07:33 - 2012-03-24 07:33 - 0000348 ____A C:\TDSSKiller.2.6.25.0_24.03.2012_11.33.44_log.txt
2012-03-24 06:20 - 2012-03-24 06:20 - 0001136 ___AH C:\Users\Ivee\Documents\hosts.txt
2012-03-24 05:18 - 2012-03-24 05:17 - 0121308 ____A C:\TDSSKiller.2.7.22.0_24.03.2012_09.17.06_log.txt
2012-03-24 05:15 - 2012-03-24 05:15 - 0000348 ____A C:\TDSSKiller.2.6.25.0_24.03.2012_09.15.36_log.txt
2012-03-24 04:22 - 2010-06-27 02:53 - 0000000 ____D C:\Program Files (x86)\McAfee
2012-03-24 04:22 - 2009-08-21 18:18 - 0000000 ____D C:\Users\All Users\McAfee
2012-03-24 04:22 - 2009-08-21 18:18 - 0000000 ____D C:\ProgramData\McAfee
2012-03-24 03:39 - 2012-01-02 17:02 - 0000000 ____D C:\Program Files (x86)\Bonjour
2012-03-24 03:39 - 2011-12-30 08:53 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-24 03:39 - 2009-08-21 18:17 - 0000000 ____D C:\Program Files (x86)\EgisTec Egis Software Update
2012-03-24 03:39 - 2009-07-13 19:20 - 0000000 __RSD C:\Windows\Media
2012-03-24 03:39 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-03-24 00:17 - 2012-03-24 00:15 - 0000479 ____A C:\data
2012-03-24 00:11 - 2012-03-24 00:10 - 0000000 ___HD C:\Users\Public\Documents\COMODO
2012-03-24 00:01 - 2012-03-24 00:01 - 1700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2012-03-23 22:44 - 2012-01-02 17:02 - 0000000 ____D C:\Program Files\Bonjour
2012-03-23 22:44 - 2009-11-15 23:23 - 0000000 ____D C:\Program Files (x86)\Launch Manager
2012-03-23 22:44 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-03-23 22:43 - 2012-03-23 14:45 - 0000000 ___HD C:\Users\Ivee\Downloads\tdsskiller (1)
2012-03-23 22:40 - 2010-06-10 15:51 - 0000000 ____D C:\Windows\SysWOW64\v8340
2012-03-23 22:40 - 2010-06-10 15:51 - 0000000 ____D C:\Windows\SysWOW64\v8330
2012-03-23 22:40 - 2010-06-10 15:51 - 0000000 ____D C:\Windows\SysWOW64\v8321
2012-03-23 22:40 - 2010-06-10 15:51 - 0000000 ____D C:\Windows\SysWOW64\v8300
2012-03-23 22:40 - 2010-06-10 15:51 - 0000000 ____D C:\Windows\SysWOW64\v8200
2012-03-23 22:40 - 2009-08-21 18:43 - 0000000 ____D C:\Windows\SysWOW64\OEM
2012-03-23 22:40 - 2009-08-21 18:30 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2012-03-23 22:40 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\winrm
2012-03-23 22:40 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\WCN
2012-03-23 22:40 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\slmgr
2012-03-23 22:40 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2012-03-23 22:40 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
2012-03-23 22:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Web
2012-03-23 22:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Vss
2012-03-23 22:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\spp
2012-03-23 22:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Speech
2012-03-23 22:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\NetworkList
2012-03-23 22:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\MUI
2012-03-23 22:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Msdtc
2012-03-23 22:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\InstallShield
2012-03-23 22:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\IME
2012-03-23 22:39 - 2011-12-23 05:25 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-03-23 22:39 - 2010-06-04 22:47 - 0000000 __SHD C:\Windows\System32\%APPDATA%
2012-03-23 22:39 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\winrm
2012-03-23 22:39 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\WCN
2012-03-23 22:39 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\slmgr
2012-03-23 22:39 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2012-03-23 22:39 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\WindowsPowerShell
2012-03-23 22:39 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\WinBioPlugIns
2012-03-23 22:39 - 2009-07-13 20:45 - 0000000 ____D C:\Windows\Setup
2012-03-23 22:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\com
2012-03-23 22:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-03-23 22:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\spp
2012-03-23 22:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\spool
2012-03-23 22:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Speech
2012-03-23 22:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\SMI
2012-03-23 22:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NetworkList
2012-03-23 22:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\MUI
2012-03-23 22:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Msdtc
2012-03-23 22:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\IME
2012-03-23 22:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\com
2012-03-23 22:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Speech
2012-03-23 22:38 - 2012-03-22 11:47 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-03-23 22:38 - 2012-02-22 06:12 - 0000000 ____D C:\Users\All Users\GoBoingo
2012-03-23 22:38 - 2012-02-22 06:12 - 0000000 ____D C:\ProgramData\GoBoingo
2012-03-23 22:38 - 2012-01-02 17:01 - 0000000 ____D C:\Users\All Users\Apple
2012-03-23 22:38 - 2012-01-02 17:01 - 0000000 ____D C:\ProgramData\Apple
2012-03-23 22:38 - 2011-12-30 08:53 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-03-23 22:38 - 2011-12-30 08:53 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-03-23 22:38 - 2011-05-14 11:55 - 0000000 ____D C:\Users\All Users\Skype Extras
2012-03-23 22:38 - 2011-05-14 11:55 - 0000000 ____D C:\ProgramData\Skype Extras
2012-03-23 22:38 - 2010-12-28 22:36 - 0000000 ____D C:\Users\All Users\DivX
2012-03-23 22:38 - 2010-12-28 22:36 - 0000000 ____D C:\ProgramData\DivX
2012-03-23 22:38 - 2010-09-10 06:38 - 0000000 ___HD C:\Users\All Users\{55BA2CFF-7449-4B0E-A62E-CDF449A2B6A1}
2012-03-23 22:38 - 2010-09-10 06:38 - 0000000 ___HD C:\ProgramData\{55BA2CFF-7449-4B0E-A62E-CDF449A2B6A1}
2012-03-23 22:38 - 2010-06-10 15:50 - 0000000 ____D C:\Windows\GeoOCX
2012-03-23 22:38 - 2010-02-26 17:10 - 0000000 ____D C:\Users\All Users\Hewlett-Packard
2012-03-23 22:38 - 2010-02-26 17:10 - 0000000 ____D C:\ProgramData\Hewlett-Packard
2012-03-23 22:38 - 2010-01-29 12:05 - 0000000 ___HD C:\Users\All Users\{6E57C04D-2586-4143-9C6C-585C15C3AA9E}
2012-03-23 22:38 - 2010-01-29 12:05 - 0000000 ___HD C:\ProgramData\{6E57C04D-2586-4143-9C6C-585C15C3AA9E}
2012-03-23 22:38 - 2010-01-08 07:49 - 0000000 ____D C:\Users\All Users\NOS
2012-03-23 22:38 - 2010-01-08 07:49 - 0000000 ____D C:\ProgramData\NOS
2012-03-23 22:38 - 2010-01-05 09:25 - 0000000 ____D C:\Users\All Users\Skype
2012-03-23 22:38 - 2010-01-05 09:25 - 0000000 ____D C:\ProgramData\Skype
2012-03-23 22:38 - 2009-12-25 16:13 - 0000000 ____D C:\Windows\PixArt
2012-03-23 22:38 - 2009-12-25 16:09 - 0000000 ___HD C:\Users\Ivee\AppData\Local\Yahoo
2012-03-23 22:38 - 2009-12-25 16:06 - 0000000 ____D C:\Users\All Users\Yahoo! Companion
2012-03-23 22:38 - 2009-12-25 16:06 - 0000000 ____D C:\Users\All Users\Yahoo!
2012-03-23 22:38 - 2009-12-25 16:06 - 0000000 ____D C:\ProgramData\Yahoo! Companion
2012-03-23 22:38 - 2009-12-25 16:06 - 0000000 ____D C:\ProgramData\Yahoo!
2012-03-23 22:38 - 2009-12-25 12:40 - 0000000 ____D C:\Users\All Users\OEM_E471269A730D
2012-03-23 22:38 - 2009-12-25 12:40 - 0000000 ____D C:\ProgramData\OEM_E471269A730D
2012-03-23 22:38 - 2009-11-15 23:37 - 0000000 ____D C:\Users\All Users\CyberLink
2012-03-23 22:38 - 2009-11-15 23:37 - 0000000 ____D C:\ProgramData\CyberLink
2012-03-23 22:38 - 2009-08-21 18:43 - 0000000 ____D C:\Windows\DeployWinRE
2012-03-23 22:38 - 2009-08-21 18:29 - 0000000 ____D C:\Users\All Users\Adobe
2012-03-23 22:38 - 2009-08-21 18:29 - 0000000 ____D C:\ProgramData\Adobe
2012-03-23 22:38 - 2009-08-21 18:27 - 0000000 ____D C:\Windows\Downloaded Installations
2012-03-23 22:38 - 2009-08-21 18:13 - 0000000 ____D C:\Users\All Users\Acer
2012-03-23 22:38 - 2009-08-21 18:13 - 0000000 ____D C:\ProgramData\Acer
2012-03-23 22:38 - 2009-08-21 18:12 - 0000000 ____D C:\Windows\oem
2012-03-23 22:38 - 2009-08-21 17:55 - 0000000 ____D C:\Users\All Users\WildTangent
2012-03-23 22:38 - 2009-08-21 17:55 - 0000000 ____D C:\ProgramData\WildTangent
2012-03-23 22:38 - 2009-08-21 17:54 - 0000000 ____D C:\Windows\OOBEOffer
2012-03-23 22:38 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Performance
2012-03-23 22:38 - 2009-07-13 20:45 - 0000000 ____D C:\Windows\ServiceProfiles
2012-03-23 22:38 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\security
2012-03-23 22:38 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\schemas
2012-03-23 22:38 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Resources
2012-03-23 22:38 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PLA
2012-03-23 22:38 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\IME
2012-03-23 22:38 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Help
2012-03-23 22:38 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Globalization
2012-03-23 22:38 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Branding
2012-03-23 22:37 - 2012-03-22 03:31 - 0000000 ____D C:\Program Files\Enigma Software Group
2012-03-23 22:37 - 2012-02-22 06:12 - 0000000 ____D C:\Program Files (x86)\Boingo
2012-03-23 22:37 - 2012-01-02 17:05 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2012-03-23 22:37 - 2012-01-02 17:04 - 0000000 ____D C:\Program Files\Common Files\Apple
2012-03-23 22:37 - 2011-07-11 12:42 - 0000000 ____D C:\Program Files (x86)\NCH Swift Sound
2012-03-23 22:37 - 2011-07-11 12:40 - 0000000 ____D C:\Program Files (x86)\NCH Software
2012-03-23 22:37 - 2011-06-23 21:58 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2012-03-23 22:37 - 2011-06-23 21:41 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2012-03-23 22:37 - 2011-06-23 21:18 - 0000000 ____D C:\ITT_Student_Office2007
2012-03-23 22:37 - 2011-06-22 14:21 - 0000000 ____D C:\Program Files (x86)\HP
2012-03-23 22:37 - 2011-01-03 01:04 - 0000000 ____D C:\Program Files (x86)\ManyCam
2012-03-23 22:37 - 2010-12-28 22:36 - 0000000 ____D C:\Program Files (x86)\DivX
2012-03-23 22:37 - 2010-06-10 15:51 - 0000000 ____D C:\Program Files (x86)\DMMultiView
2012-03-23 22:37 - 2010-01-29 12:06 - 0000000 ____D C:\Program Files (x86)\Hawkes Learning Systems
2012-03-23 22:37 - 2010-01-05 09:25 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-03-23 22:37 - 2009-12-26 12:57 - 0000000 ____D C:\Program Files (x86)\PixArt
2012-03-23 22:37 - 2009-12-25 16:03 - 0000000 ____D C:\Program Files (x86)\Yahoo!
2012-03-23 22:37 - 2009-12-25 12:40 - 0000000 ____D C:\Program Files (x86)\OEM
2012-03-23 22:37 - 2009-11-15 23:40 - 0000000 ____D C:\Program Files (x86)\Cyberlink
2012-03-23 22:37 - 2009-11-15 23:37 - 0000000 ____D C:\Program Files (x86)\Acer Arcade Deluxe
2012-03-23 22:37 - 2009-11-15 23:34 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-03-23 22:37 - 2009-11-15 23:32 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-03-23 22:37 - 2009-11-15 23:30 - 0000000 ____D C:\Program Files\Synaptics
2012-03-23 22:37 - 2009-11-15 23:26 - 0000000 ____D C:\Program Files (x86)\AMD
2012-03-23 22:37 - 2009-11-15 23:25 - 0000000 ____D C:\Program Files\ATI
2012-03-23 22:37 - 2009-11-15 23:25 - 0000000 ____D C:\Program Files (x86)\ATI Technologies
2012-03-23 22:37 - 2009-08-21 18:40 - 0000000 ____D C:\OEM
2012-03-23 22:37 - 2009-08-21 18:33 - 0000000 ____D C:\Program Files (x86)\Acer Inc
2012-03-23 22:37 - 2009-08-21 18:30 - 0000000 ____D C:\Program Files (x86)\eSobi
2012-03-23 22:37 - 2009-08-21 18:29 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-03-23 22:37 - 2009-08-21 18:25 - 0000000 ____D C:\Program Files (x86)\NewTech Infosystems
2012-03-23 22:37 - 2009-08-21 18:17 - 0000000 ____D C:\Program Files (x86)\EgisTec
2012-03-23 22:37 - 2009-08-21 18:13 - 0000000 ____D C:\Program Files\Acer
2012-03-23 22:37 - 2009-08-21 18:12 - 0000000 ____D C:\Program Files (x86)\Acer
2012-03-23 22:37 - 2009-08-21 18:11 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-03-23 22:37 - 2009-08-21 18:10 - 0000000 ____D C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
2012-03-23 22:37 - 2009-08-21 18:05 - 0000000 ____D C:\Program Files (x86)\Microsoft Works
2012-03-23 22:37 - 2009-08-21 18:04 - 0000000 ____D C:\Program Files\Microsoft Office
2012-03-23 22:37 - 2009-08-21 18:03 - 0000000 ___RD C:\MSOCache
2012-03-23 22:37 - 2009-08-21 18:03 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2012-03-23 22:37 - 2009-08-21 17:55 - 0000000 ____D C:\Program Files (x86)\Acer Games
2012-03-23 22:37 - 2009-08-21 17:54 - 0000000 ____D C:\Program Files\Realtek
2012-03-23 22:37 - 2009-08-21 17:50 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-03-23 22:37 - 2009-08-21 17:50 - 0000000 ____D C:\Program Files (x86)\Realtek
2012-03-23 22:37 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Reference Assemblies
2012-03-23 22:37 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\MSBuild
2012-03-23 22:37 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Microsoft Games
2012-03-23 22:37 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Defender
2012-03-23 22:37 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Reference Assemblies
2012-03-23 22:37 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\MSBuild
2012-03-23 22:37 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Windows NT
2012-03-23 22:37 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\SpeechEngines
2012-03-23 22:37 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files (x86)\Windows NT
2012-03-23 14:49 - 2012-03-23 14:46 - 0125636 ____A C:\TDSSKiller.2.7.22.0_23.03.2012_18.46.05_log.txt
2012-03-23 14:45 - 2012-03-23 14:45 - 2047211 ___AH C:\Users\Ivee\Downloads\tdsskiller (1).zip
2012-03-23 14:44 - 2012-03-23 14:44 - 2047211 ___AH C:\Users\Ivee\Downloads\tdsskiller.zip
2012-03-23 14:44 - 2012-03-23 14:44 - 0000348 ____A C:\TDSSKiller.2.6.25.0_23.03.2012_18.44.51_log.txt
2012-03-23 14:44 - 2012-03-23 14:44 - 0000348 ____A C:\TDSSKiller.2.6.25.0_23.03.2012_18.44.21_log.txt
2012-03-23 14:43 - 2012-03-23 14:43 - 0000348 ____A C:\TDSSKiller.2.6.25.0_23.03.2012_18.43.26_log.txt
2012-03-23 11:40 - 2012-03-23 11:40 - 0000000 ____D C:\$AVG
2012-03-23 10:51 - 2012-02-19 17:39 - 0000151 ___AH C:\Users\Ivee\Documents\hu questions.txt
2012-03-23 09:50 - 2012-03-23 09:49 - 0000000 ____D C:\Users\All Users\AVG Secure Search
2012-03-23 09:50 - 2012-03-23 09:49 - 0000000 ____D C:\ProgramData\AVG Secure Search
2012-03-23 09:44 - 2012-03-23 09:44 - 0000000 ____D C:\Program Files (x86)\AVG
2012-03-23 09:20 - 2012-03-23 09:20 - 0000000 ___HD C:\Users\Ivee\AppData\Roaming\TestApp
2012-03-23 09:20 - 2012-03-23 09:20 - 0000000 ____D C:\Users\All Users\PC Tools
2012-03-23 09:20 - 2012-03-23 09:20 - 0000000 ____D C:\ProgramData\PC Tools
2012-03-22 12:01 - 2012-03-22 11:58 - 0125768 ____A C:\TDSSKiller.2.7.22.0_22.03.2012_15.58.40_log.txt
2012-03-22 11:57 - 2012-03-22 11:57 - 0000348 ____A C:\TDSSKiller.2.6.25.0_22.03.2012_15.57.37_log.txt
2012-03-22 11:51 - 2012-03-22 11:45 - 0128566 ____A C:\TDSSKiller.2.7.22.0_22.03.2012_15.45.20_log.txt
2012-03-22 11:43 - 2012-03-22 11:43 - 0000348 ____A C:\TDSSKiller.2.6.25.0_22.03.2012_15.43.31_log.txt
2012-03-22 11:40 - 2012-03-22 11:40 - 0000348 ____A C:\TDSSKiller.2.6.25.0_22.03.2012_15.40.50_log.txt
2012-03-22 09:50 - 2012-03-22 03:31 - 0000000 ____D C:\sh4ldr
2012-03-22 09:50 - 2012-03-22 03:30 - 0000000 ____D C:\Windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-03-22 06:34 - 2012-03-22 06:34 - 0000348 ____A C:\TDSSKiller.2.6.25.0_22.03.2012_10.34.18_log.txt
2012-03-22 03:53 - 2012-03-22 03:53 - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-03-21 16:53 - 2012-03-20 22:30 - 0054272 ___AH C:\Users\Ivee\Documents\RESUME FOR NON HEALTH AND SCIENCE LV JOBS (NO OUT OF STATE SCHOOL HIST.).doc
2012-03-21 16:53 - 2012-01-23 12:39 - 0052736 ___AH C:\Users\Ivee\Documents\HEALTH AND SCIENCE RESUME.doc
2012-03-20 23:26 - 2012-03-16 16:12 - 0142347 ___AH C:\Users\Ivee\Documents\jobs.docx
2012-03-20 22:28 - 2012-01-23 12:39 - 0054272 ___AH C:\Users\Ivee\Documents\RESUME FOR NON HEALTH AND SCIENCE.doc
2012-03-20 20:41 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-03-19 16:54 - 2012-03-19 16:54 - 0000255 ___AH C:\Users\Ivee\Documents\jobs questions.txt
2012-03-18 05:00 - 2012-03-17 22:35 - 0000321 ___AH C:\Users\Ivee\Documents\volunteer questions.txt
2012-03-16 16:12 - 2012-03-16 16:12 - 0000162 ___AH C:\Users\Ivee\Documents\~$jobs.docx
2012-03-13 23:04 - 2010-02-02 07:22 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-13 23:04 - 2009-08-21 18:03 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-03-13 23:04 - 2009-08-21 18:03 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-03-10 18:21 - 2012-03-10 17:31 - 0000162 ___AH C:\Users\Ivee\Documents\~$tering med school.docx
2012-03-10 18:21 - 2012-03-07 13:46 - 0012792 ___AH C:\Users\Ivee\Documents\Entering med school.docx
2012-03-07 01:04 - 2012-03-06 22:00 - 0018263 ___AH C:\Users\Ivee\Documents\HUCM.docx
2012-03-07 01:03 - 2012-03-06 19:58 - 0016528 ___AH C:\Users\Ivee\Documents\USUHS.docx
2012-03-07 01:01 - 2012-03-06 12:21 - 0013476 ___AH C:\Users\Ivee\Documents\Steps to Success.docx
2012-03-05 01:22 - 2012-03-05 01:22 - 0001052 ___AH C:\Users\Ivee\Documents\demitrez.txt
2012-03-04 19:27 - 2012-03-04 19:27 - 0000162 ___AH C:\Users\Ivee\Documents\~$litary base locations.docx
2012-03-04 18:02 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\FxsTmp
2012-03-04 16:57 - 2012-03-04 16:57 - 0000162 ___AH C:\Users\Ivee\Documents\~$r force.docx
2012-03-02 02:34 - 2012-03-02 02:34 - 0000033 ___AH C:\Users\Ivee\Documents\demetriz address.txt
2012-02-23 19:59 - 2011-01-16 02:24 - 0000030 ___AH C:\Users\Ivee\Documents\netflix info.txt
2012-02-16 22:38 - 2012-03-13 12:47 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 21:34 - 2012-03-13 12:47 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-03-13 12:47 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-03-13 12:47 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-16 19:05 - 2012-02-16 19:05 - 0000118 ____A C:\Windows\System32\MRT.INI
2012-02-09 22:36 - 2012-03-13 12:48 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 21:38 - 2012-03-13 12:48 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-05 12:45 - 2009-07-13 21:08 - 0032644 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-02-02 20:34 - 2012-03-13 12:48 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-30 19:17 - 2012-01-30 19:17 - 0000030 ___AH C:\Users\Ivee\Documents\card2.txt
2012-01-26 13:44 - 2012-01-26 13:44 - 0010149 ___AH C:\Users\Ivee\Documents\References123.docx
2012-01-24 22:38 - 2012-03-25 08:31 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-24 22:38 - 2012-03-25 08:31 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-24 22:33 - 2012-03-13 12:47 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-01-23 12:39 - 2012-01-23 12:39 - 0000162 ___AH C:\Users\Ivee\Documents\~$SUME FOR NON HEALTH AND SCIENCE.doc
2012-01-23 12:39 - 2012-01-23 12:39 - 0000162 ___AH C:\Users\Ivee\Documents\~$ALTH AND SCIENCE RESUME.doc
2012-01-23 12:36 - 2012-01-23 12:36 - 0000162 ___AH C:\Users\Ivee\Documents\~$SUME MAIN INFO for jobs.doc
2012-01-23 12:34 - 2012-01-23 12:34 - 0000162 ___AH C:\Users\Ivee\Documents\~$mplate.dotm
2012-01-23 11:14 - 2012-01-03 10:51 - 0053248 ___AH C:\Users\Ivee\Documents\RESUME MAIN INFO for jobs.doc
2012-01-22 20:21 - 2012-01-22 20:21 - 0000064 ___AH C:\Users\Ivee\Documents\bio jobs.txt
2012-01-20 13:02 - 2012-01-20 12:29 - 0000124 ___AH C:\Users\Ivee\Documents\VOLUNTEER INFO.txt
2012-01-17 17:55 - 2010-09-15 11:57 - 0197882 ___AH C:\Users\Ivee\Documents\S6006678.JPG
2012-01-09 08:54 - 2012-01-09 08:53 - 0000432 ____A C:\Users\All Users\4FArpgX7M9HcUO
2012-01-09 08:54 - 2012-01-09 08:53 - 0000432 ____A C:\ProgramData\4FArpgX7M9HcUO
2012-01-04 02:44 - 2012-02-15 17:25 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-01-04 02:44 - 2012-02-15 17:25 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-01-04 00:59 - 2012-02-15 17:25 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-01-04 00:58 - 2012-02-15 17:25 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2012-01-03 14:05 - 2012-01-03 14:05 - 0117671 ___AH C:\Users\Ivee\Documents\mil2.JPG
2012-01-03 13:53 - 2012-01-03 13:53 - 0120930 ___AH C:\Users\Ivee\Documents\dtdfnal2.JPG
2012-01-03 13:50 - 2012-01-03 13:50 - 0135007 ___AH C:\Users\Ivee\Documents\dtdfinal.JPG
2012-01-03 07:05 - 2012-01-03 07:05 - 0128353 ___AH C:\Users\Ivee\Documents\doortodoor.JPG
2012-01-03 06:53 - 2012-01-03 06:53 - 0092271 ___AH C:\Users\Ivee\Documents\Ivee D[1].pdf
2012-01-02 22:03 - 2012-01-02 22:03 - 0000000 ___HD C:\Users\Ivee\AppData\Roaming\Apple Computer
2012-01-02 17:05 - 2012-01-02 17:05 - 0000000 ___HD C:\Users\Ivee\AppData\Local\Apple
2012-01-02 16:53 - 2012-01-02 16:53 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2011-12-30 08:52 - 2011-12-30 08:52 - 9851496 ____A (Malwarebytes Corporation ) C:\Users\Ivee\Desktop\mbam-setup.exe
2011-12-30 08:50 - 2011-12-30 08:47 - 0076684 ____A C:\TDSSKiller.2.6.25.0_30.12.2011_11.47.48_log.txt
2011-12-30 08:46 - 2011-12-30 08:46 - 1578288 ____A (Kaspersky Lab ZAO) C:\Users\Ivee\Desktop\tdsskiller.exe
2011-12-30 08:21 - 2011-12-30 08:21 - 1008141 ____A C:\Users\Ivee\Desktop\iExplore.exe
2011-12-30 07:50 - 2011-12-23 04:51 - 0009804 __ASH C:\Users\Ivee\AppData\Local\vupdis8f6ysd1yek2dij5u384h4i
2011-12-30 07:50 - 2011-12-23 04:51 - 0009804 __ASH C:\Users\All Users\vupdis8f6ysd1yek2dij5u384h4i
2011-12-30 07:50 - 2011-12-23 04:51 - 0009804 __ASH C:\ProgramData\vupdis8f6ysd1yek2dij5u384h4i
2011-12-29 22:26 - 2012-02-15 17:24 - 0515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2011-12-29 21:27 - 2012-02-15 17:24 - 0478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2011-12-29 18:07 - 2011-12-29 18:07 - 0000162 ___AH C:\Users\Ivee\Documents\~$b listings.docx

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 20%
Total physical RAM: 2812.05 MB
Available physical RAM: 2232.64 MB
Total Pagefile: 2810.2 MB
Available Pagefile: 2224.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (Acer) (Fixed) (Total:136.95 GB) (Free:72.39 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:12 GB) (Free:2.35 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
5 Drive h: () (Removable) (Total:0.95 GB) (Free:0.79 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B
Disk 1 Online 973 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 12 GB 31 KB
Partition 2 Primary 101 MB 12 GB
Partition 3 Primary 136 GB 12 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E PQSERVICE NTFS Partition 12 GB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y SYSTEM RESE NTFS Partition 101 MB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C Acer NTFS Partition 136 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 973 MB 123 KB

======================================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT Removable 973 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-03-20 13:27

======================= End Of Log ==========================



